changeset 2789:2a4ac74da1ed

Fix HTTPS requests to sites using a certificate encrypted with ECDSA
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 26 Jul 2018 14:02:20 +0200
parents 959bd8857eb5
children c7313e1f7644
files NEWS Resources/CMake/OpenSslConfiguration.cmake
diffstat 2 files changed, 13 insertions(+), 15 deletions(-) [+]
--- a/NEWS	Thu Jul 26 12:25:18 2018 +0200
+++ b/NEWS	Thu Jul 26 14:02:20 2018 +0200
@@ -4,6 +4,7 @@
 * New configuration option: "HttpVerbose" to debug outgoing HTTP connections
 * Fix incoming DICOM C-Store filtering for JPEG-LS transfer syntaxes
 * Fix OrthancPluginHttpClient() to return the HTTP status on errors
+* Fix HTTPS requests to sites using a certificate encrypted with ECDSA
 
 
 Version 1.4.1 (2018-07-17)
--- a/Resources/CMake/OpenSslConfiguration.cmake	Thu Jul 26 12:25:18 2018 +0200
+++ b/Resources/CMake/OpenSslConfiguration.cmake	Thu Jul 26 14:02:20 2018 +0200
@@ -208,21 +208,18 @@
       ${OPENSSL_SOURCES_DIR}/engines
       )
   endif()
-
-  if (ENABLE_PKCS11)
-    list(APPEND OPENSSL_SOURCES_SUBDIRS
-      # EC, ECDH and ECDSA are necessary for PKCS11
-      ${OPENSSL_SOURCES_DIR}/crypto/ec
-      ${OPENSSL_SOURCES_DIR}/crypto/ecdh
-      ${OPENSSL_SOURCES_DIR}/crypto/ecdsa
-      )
-  else()
-    add_definitions(
-      -DOPENSSL_NO_EC
-      -DOPENSSL_NO_ECDH
-      -DOPENSSL_NO_ECDSA
-      )
-  endif()
+  
+  list(APPEND OPENSSL_SOURCES_SUBDIRS
+    # EC, ECDH and ECDSA are necessary for PKCS11, and for contacting
+    # HTTPS servers that use TLS certificate encrypted with ECDSA
+    # (check the output of a recent version of the "sslscan"
+    # command). Until Orthanc <= 1.4.1, these features were only
+    # enabled if ENABLE_PKCS11 support was set to "ON".
+    # https://groups.google.com/d/msg/orthanc-users/2l-bhYIMEWg/oMmK33bYBgAJ
+    ${OPENSSL_SOURCES_DIR}/crypto/ec
+    ${OPENSSL_SOURCES_DIR}/crypto/ecdh
+    ${OPENSSL_SOURCES_DIR}/crypto/ecdsa
+    )
 
   foreach(d ${OPENSSL_SOURCES_SUBDIRS})
     AUX_SOURCE_DIRECTORY(${d} OPENSSL_SOURCES)
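Review bot: The new comment on the `list(APPEND OPENSSL_SOURCES_SUBDIRS` call says certificates are "encrypted with ECDSA", but ECDSA is a signature algorithm, so it would read more accurately as `# HTTPS servers whose TLS certificate uses an ECDSA key or signature`; the NEWS entry uses the same phrase. Dropping `-DOPENSSL_NO_EC`, `-DOPENSSL_NO_ECDH` and `-DOPENSSL_NO_ECDSA` also makes elliptic-curve key exchange available in every build, not only certificate verification, and the comment could say so to record that the wider TLS feature set is intentional. Because `AUX_SOURCE_DIRECTORY` collects every source file in `crypto/ec`, `crypto/ecdh` and `crypto/ecdsa`, any exclusion of test or platform-specific files elsewhere in this file that is still guarded by `ENABLE_PKCS11` would need to become unconditional as well. That part of the file is not visible here, and the `foreach` body continues past the end of the hunk.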